
Re: Not constant sha1sum

Subject: Re: Not constant sha1sum
Date: Mon, 17 Sep 2007 13:18:52 +0200
Hello All,

Thanks for all your good advice. The issue is probably bad hardware.

The files are stored on an EXT3 partition on a server running Linux Fedora.
When I compute with Linux (through ssh, then with server resources)
I get a bad result.
When I compute these same files located on the same server with Windows
(through Samba, then with desktop resources) I get a good result.

As a conclusion I would say "Never trust one hash only. Good forensic
practice requires two equal hashes coming from two different ways"

At 10:33 08/09/07 +0200, LERTI - Paul Vidonne wrote:
Hello all !

Has smb met the following issue: several hashes for a
unique file? Of course a big one (4 GB). OS is Linux
Fedora. File system EXT3 mounted on a SATA RAID-5 on an Adaptec
card.

Could you enlighten me?

Example:
[root@spica acquisit]# sha1sum -b 07667-SDH-dd.001
fe8195547af6d7ce76cd2e44160e06310a964063 *07667-SDH-dd.001

[root@spica acquisit]# sha1sum -b 07667-SDH-dd.001
e8dde55722ed1f2424fd7bb6246163120c561927 *07667-SDH-dd.001

[root@spica acquisit]# sha1sum -b 07667-SDH-dd.001
65f5eb98d33f7ccb1a8a82b0e6d916921c9d97b9 *07667-SDH-dd.001

The best is that the second hash is the good one!

Truly yours,

Paul Vidonne
--
LERTI - Laboratoire d'Expertise et de 
 Recherche de Traces Informatiques
http://www.lerti.fr +33.4 76 90 54 21

--
Paul Vidonne Consultant
16, chemin de Malacher
38240 Meylan 
Tel : +33 4 76 90 65 97
http://www.vidonne.fr
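
One way to narrow down a non-constant hash like the one in this thread, as an added example that is not part of the original messages: hash the file block by block over several read passes and report which blocks change between passes. The block size, the function names and the `corrupt` hook (which imitates a bad read) are assumptions for illustration, and the sample file is constructed.

```python
import hashlib
import os
import tempfile

BLOCK = 1 << 20  # 1 MiB comparison granularity (assumed; tune to taste)

def read_pass(path, block=BLOCK, corrupt=None):
    """Read the file once; return (whole-file SHA-1, list of per-block SHA-1).

    `corrupt` is a demonstration hook only: index of a block whose first
    byte is flipped, to imitate a bad read from failing hardware.
    """
    whole, per_block = hashlib.sha1(), []
    with open(path, "rb") as f:
        for idx, chunk in enumerate(iter(lambda: f.read(block), b"")):
            if idx == corrupt:
                chunk = bytes([chunk[0] ^ 0xFF]) + chunk[1:]
            whole.update(chunk)
            per_block.append(hashlib.sha1(chunk).hexdigest())
    return whole.hexdigest(), per_block

def compare_passes(passes):
    """Given several read_pass() results, return
    (set of distinct whole-file digests, indices of blocks that changed)."""
    wholes = {w for w, _ in passes}
    unstable = [i for i, digs in enumerate(zip(*(b for _, b in passes)))
                if len(set(digs)) > 1]
    return wholes, unstable

def demo():
    """Constructed 4-block sample file; the second pass gets a simulated bad read."""
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(os.urandom(4 * 4096))
    try:
        passes = [read_pass(tmp.name, 4096),
                  read_pass(tmp.name, 4096, corrupt=2),
                  read_pass(tmp.name, 4096)]
        return compare_passes(passes)
    finally:
        os.unlink(tmp.name)

if __name__ == "__main__":
    wholes, unstable = demo()
    print(len(wholes), "distinct whole-file digests; unstable blocks:", unstable)
```

On a real image, call `read_pass(path)` several times without `corrupt` and feed the results to `compare_passes`; repeat reads on Linux may be served from the page cache rather than the disk.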
